CyberWire Daily – “86 reasons to update.”
Date: September 10, 2025
Host: Dave Bittner (N2K Networks)
Featured Guest: Jake Braun – DEFCON organizer, co-founder of Project Franklin, former White House official
Episode Overview
This episode delivers a comprehensive snapshot of the latest in cybersecurity news, advisories, and expert insights, with special attention to newly disclosed vulnerabilities, evolving ransomware trends, high-profile infrastructure threats, and innovations in privacy-risk technology. The centerpiece interview features Jake Braun, shedding light on Project Franklin’s mission to improve US water utility security through DEFCON volunteerism and civic engagement. The episode balances technical depth with approachable analysis, making it essential listening for practitioners and generalists alike.
Key Discussion Points & Insights
Critical Patch Updates and Vulnerabilities [00:14 - 04:00]
- Microsoft’s Patch Tuesday:
  - Released 86 fixes for Windows and related products.
  - Two publicly disclosed zero-days; one major SMB relay/privilege escalation flaw.
  - “Mitigations like server signing and extended protection for authentication can help shield systems.” (Dave Bittner, 00:55)
- Other Vendor Advisories:
  - Adobe: ~22 vulnerabilities (ColdFusion, Commerce—critical risk).
  - ICS Patches: Rockwell Automation (8 critical advisories), joined by Siemens, Schneider Electric.
  - Noteworthy security updates: Fortinet, Ivanti, Nvidia—all addressing high-impact issues (RCE, data exposure).
Spotlight: North Korean APT Kimsuky Leak [04:00 - 05:00]
- 9GB leaked dataset analysis:
  - Reveals GPKI & credential theft, development of Linux rootkits, interactive malware, links to Chinese operations.
- Recommended monitoring:
  - NASAM artifacts, OCR tool use, phishing domains, PAM SSH logs.
iPhone 17 Security & Advancements [05:00 - 06:00]
- Apple’s Memory Integrity Enforcement (MIE):
  - Default on iPhone 17/iOS 26—aimed to curb mercenary spyware.
  - Uses ARM’s memory tagging, secure allocators, confidentiality enforcement.
  - “MIE will raise costs for spyware developers and reshape memory safety defenses.” (Ivan Krstić, Apple, 05:40)
- Google's Advanced Protection Mode also launched for Android.
“Chilly Hell”: Advanced macOS Backdoor [06:00 - 07:00]
- Threat details:
  - Modular, notarized malware masquerading as legitimate Mac apps.
  - Uses time stomping, launch agents/daemons for persistence.
- Key takeaway:
  - “Jamf researchers stress this case as proof that Apple’s notarization checks, while helpful, aren’t infallible...” (Dave Bittner, 06:45)
Ransomware Radar: Education Sector Gains Ground [07:00 - 08:00]
- New Sophos Report:
  - Ransomware demands/payments down 74–90% in both lower/higher ed.
  - Improved recovery times; encryption rates at multi-year lows due to better early detection.
  - “Researchers note attackers may now favor smaller, quicker payouts over large ransom demands.” (Dave Bittner, 07:55)
Infrastructure Security & Policy Frictions [08:00 - 11:00]
- US Lags in Critical Infrastructure Security:
  - Alexei Bulazel (National Security Council) highlights the lag versus smartphone security; especially worrying in the energy sector.
  - Policy emphasis: Raise the technical baseline, focus on defensive measures.
  - “Hackers are intentional actors, not natural disasters.” (Bulazel paraphrase, 10:15)
- Political Perspective:
  - Senator Angus King: “U.S. cybersecurity is a hellscape made worse by government cuts.” (11:32)
  - Cites CISA staffing issues, slashed partnerships.
  - DHS’s David Harvlich counters: More staff isn’t the only solution; praises new leadership.
Major Prosecution: Transnational Ransomware [11:00 - 13:00]
- Case Profile:
  - Ukrainian Volodymyr Tymoshchuk ($11M bounty): Allegedly behind LockerGoga, MegaCortex, Nefilim attacks—$18B damages, 250+ US companies hit.
  - Operations included the Norsk Hydro attack ($81M in damages, disruption across 35 countries).
  - Use of Cobalt Strike, Metasploit, and an affiliate model for scaling ransomware.
Interview: Jake Braun on Project Franklin [14:24 - 25:24]
The Origins and Mission of Project Franklin [14:34 - 16:30]
- Founded by Jake Braun and DEFCON’s Jeff Moss after recognizing the lack of cybersecurity support for US water utilities.
- Inspirational Naming:
  - “What better name to evoke both this commitment to science and civic engagement than Franklin?” (Jake Braun, 15:59)
Water Utilities: The Overlooked Target [16:17 - 19:50]
- US critical infrastructure, especially water, is vulnerable—often supporting military sites.
- Chinese APTs (e.g., ‘Volt Typhoon’) pre-positioning on these resources.
- Water utilities, especially civilian, lack federal cybersecurity aid.
- Project Franklin mobilizes skilled DEFCON volunteers for direct assistance.
Memorable Quote
“Without a civil society response, meaning hackers at DEFCON volunteering their time to provide free support to water utilities—they would have no cybersecurity support but for these volunteers.” (Jake Braun, 17:45)
Volunteer Engagement and Impact [19:50 - 22:15]
- Massive sign-up: 350 volunteers in weeks, overwhelming demand.
- Partnered with National Rural Water Association (not just rural in reality).
- Started with 5 ‘guinea pig’ utilities—basic to advanced cyber hygiene improvements.
Notable Quote
“We had so many people sign up we had to shut down signups because we couldn’t even take in all the people who were offering to help.” (Jake Braun, 18:44)
Eligibility and Expertise [20:02 - 20:42]
- Priority: 10+ years experience; strong IT/OT expertise.
- They balance experienced and less-experienced applicants based on utility needs.
Scaling and Vision [20:47 - 22:09]
- Looking to scale with help from vendors (e.g., Dragos offering tools).
- Long-term aim: Connect volunteers with personal/community ties to specific locales—hometown support, even if volunteer now lives elsewhere.
Notable Quote
“Down the road, years from now, I’d love to have us assign people who are from their community to these water utilities...” (Jake Braun, 21:18)
Sustainability and Sector Evolution [22:09 - 25:24]
- DEFCON community’s “immense” interest suggests sustainability.
- Only viable option for many utilities with no cyber budget: “Their options are take a Franklin volunteer or do nothing.” (Jake Braun, 22:55)
- Water sector now where energy sector was a decade ago—just beginning to reckon with digital threats.
Notable Quote
“Water’s kind of, I think, starting to take up the mantle the way energy did about 10, 15 years ago.” (Jake Braun, 25:17)
Innovation Snapshot: WhoFi – Wi-Fi Becomes Your “Nosy Roommate” [26:46 - 28:30]
- Italian researchers at La Sapienza University present WhoFi: Biometric identification/re-identification through ambient Wi-Fi signal distortions.
- No device needed—body interferes with wireless signals, allowing accurate identification even through walls.
- “Privacy may not be dead yet, but it’s definitely buffering.” (Dave Bittner, 28:25)
Notable Quotes by Timestamp
- Patch Tuesday urgency:
  “Several of these [flaws] carry a likely exploitation label... mitigations like server signing and extended protection for authentication can help shield systems.” (Dave Bittner, 00:55)
- Apple’s security chief on MIE:
  “MIE will raise costs for spyware developers and reshape memory safety defenses.” (Ivan Krstić, 05:40)
- Project Franklin’s civically engaged ethos:
  “What better name to evoke both this commitment to science and civic engagement than Franklin?” (Jake Braun, 15:59)
- Franklin volunteers’ impact:
  “Their options are take a Franklin volunteer or do nothing.” (Jake Braun, 22:55)
- Water sector's turning point:
  “Water’s kind of, I think, starting to take up the mantle the way energy did about 10, 15 years ago.” (Jake Braun, 25:17)
- WhoFi/Wi-Fi innovation:
  “Privacy may not be dead yet, but it’s definitely buffering.” (Dave Bittner, 28:25)
Important Timestamps
| Segment | Timestamp |
|--------------------------------------------|-------------|
| Patch Tuesday summary | 00:14–04:00 |
| North Korean APT Kimsuky leak | 04:00–05:00 |
| Apple/Google mobile security innovations | 05:00–06:00 |
| macOS “Chilly Hell” malware | 06:00–07:00 |
| Ransomware in the education sector | 07:00–08:00 |
| Infrastructure security policy discussion | 08:00–11:00 |
| Ransomware indictment (Tymoshchuk case) | 11:00–13:00 |
| Interview: Jake Braun/Project Franklin | 14:24–25:24 |
| WhoFi/Innovative Wi-Fi surveillance research | 26:46–28:30 |
Tone & Style Notes
The episode balances polite urgency, informed skepticism, and technical clarity, with memorable analogies (e.g., Wi-Fi as a “nosy roommate”) and a civic-minded, accessible tone in the interview. The host and guests maintain an expert-yet-approachable style suitable for both industry professionals and the wider security-curious audience.
